Security and Privacy Flashcards
What are some common hardware security breaches?
Authentication spoofing, side-channel attacks and memory-level attakcs.
What are some common Cloud, Fog and Edge security breaches?
Denial of Service, side-channel attacks and eavesdropping.
What can cause poor software security?
Poor input validation, weak (or no) encryption, hardcoded information, no penetration testing or fuzzing.
What is the CIA triad?
The CIA triad refers to Confidentiality, Integrity and Availability, three of the cornerstones of security. Each breach on a system violates one or more of these sectors.
What is the difference between a threat and an attack?
A threat is an actor with the capability to exploit vulnerabilities in the system, while an attack is a threat being carried out on the system - the implementation, if you will.
What is the difference between a risk and a vulnerability?
A vulnerability is a flaw or weakness in a system’s design that could be exploited, while a risk is the expectation of loss associated with that vulnerability, or a threat leveraging that vulnerability.
What is meant by an interception attack?
Any situation where an actor can access private or confidential information with no legitimate authorisation.
What is meant by a modification attack?
Any situation where an attacker intercepts communication between sender and receiver without their knowledge and tampers with the information. It is important that it is without their knowledge.
What is meant by a fabrication attack?
Any situation where an attacker injects false data or creates a false trail in the system.
What is meant by an interruption attack?
Any situation where an attacker causes information to become unavailable or unusable for the receiver on either a temporary or permanent basis.
What is meant by a side-channel attack?
Any situation where an attacker uses unintended information from physical and logical parameters of a main computation function to gain access or information.
What is meant by a covert-channel attack?
Any situation where an attacker creates a pipeline to transfer data between two processes that are not supposed to be allowed to communicate with each other.
What is one attack you can perform on a memory-based channel?
A side-channel analysis. Some software’s access to key-dependent memory may cause extra computation to decrypt or encrypt the keys, allowing attackers to predict the keys’ contents.
What are three features that get exploited by cache SCAs?
Cache access latency due to computation, memory-to-cache mapping to derive main memory access behaviour, and cache conflicts to capture the cache accesses by a victim.
What is a side-channel attack that exploits memory-to-cache mapping?
One side-channel attack may be done by loading data into a single set of a set-associative cache until data has to be popped off, allowing the attacker to know the size and contents of that cache.
